Details

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips.

An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872)

It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993)

All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect.
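
The restart requirement above can be verified on a host once the update is installed. The following is an added example, not part of the Red Hat advisory: it lists processes that still map a Mesa library file that has been replaced on disk. The library name patterns and the sample maps lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumption: these name patterns cover the Mesa libraries on the host;
# compare them with the file lists of the installed Mesa packages.
MESA_PATTERN='/(libGL|libGLU|libOSMesa|libglapi)[.]so[^/]*$|/dri/[^/]+_dri[.]so$'

# stale_mesa_libs FILE
# FILE is in /proc/<pid>/maps format. A mapping whose backing file was
# replaced by the update is suffixed with " (deleted)". Print each such
# Mesa library path once.
stale_mesa_libs() {
    awk -v pat="$MESA_PATTERN" '
        / \(deleted\)$/ {
            path = $0
            sub(/ \(deleted\)$/, "", path)
            # Drop the five leading fields: range, perms, offset, device, inode.
            sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +/, "", path)
            if (path ~ pat && !seen[path]++) print path
        }' "$1"
}

# stale_mesa_procs
# Print "PID COMMAND LIBRARY" for every readable process that still maps
# a replaced Mesa library. Run as root to see all users' processes.
stale_mesa_procs() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        stale_mesa_libs "$maps" 2>/dev/null | while IFS= read -r lib; do
            printf '%s %s %s\n' "$pid" "$(ps -o comm= -p "$pid" 2>/dev/null)" "$lib"
        done
    done
}

# Constructed sample of maps lines (not taken from a real system).
sample_maps() {
    cat <<'EOF'
7f3a10000000-7f3a10070000 r-xp 00000000 fd:00 131201 /usr/lib64/libGL.so.1.2.0 (deleted)
7f3a10070000-7f3a10270000 ---p 00070000 fd:00 131201 /usr/lib64/libGL.so.1.2.0 (deleted)
7f3a11000000-7f3a11400000 r-xp 00000000 fd:00 131377 /usr/lib64/dri/swrast_dri.so (deleted)
7f3a12000000-7f3a12180000 r-xp 00000000 fd:00 131090 /usr/lib64/libX11.so.6.3.0 (deleted)
7f3a13000000-7f3a13020000 r-xp 00000000 fd:00 131500 /usr/lib64/libGLU.so.1.3.1
7f3a14000000-7f3a14021000 rw-p 00000000 00:00 0 [heap]
EOF
}

if [ "${1:-}" = "--scan" ]; then stale_mesa_procs; fi
```

Run the script with `--scan` after the update; every process it lists is still executing the pre-update library code and needs a restart.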

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.